CLAIMS 



1. (Currently Amended) A system for managing client accounts and 
controlling access to resources over data networks, said system comprising: 

(a) a mechanism for sharing client information and charges among a plurality 
of service providers; 

(b) A a client registration database maintained by who is registered with one 
of the service providers (the its "home provider") and includes information which 
selectively authorizes is allowed to access to the resources of the other service providers 
("outside providers") that are part of the system, each service provider maintaining an 
independent database of its respective clients; 

(c) a settling means, separate from a respective home provider, for settling 
adapted to allow the system to settle accounts among service providers by charging the 
home provider for access by its clients to the resources of the outside providers, the 
settling means accessing a respective home provider registration database, and 
communicating with an accounting database maintained separately from a respective 
registration database; 

(d) a payment means adapted to assure that the outside providers are then paid 
for that access through the system; 

(e) r a sharing means adapted to allow the system to allow the service providers 
to share users without requiring an open account for each user at each service provider; 
and 

(f) T a verification means including a token and an authentication server 
adapted to allow each service provider to determine if a particular client is registered by a 
home provider a member of the system, verify that the client has authenticated at his 
home provider, and determine this that client's access privileges and criteria. 

2. (Currently Amended) A system as recited in claim 1 including means by 
which an owner of goods may sell sells access to those goods across a data network such 
that the owner may instantaneously and simultaneously display across the network 
multiple differing prices of the same good or classes of goods depending upon the 
alternative pricing requirements of other clients of the system as transferred by the 
system. 

3. (Currently Amended) A system as recited in claim 1, including means by 
which one a service provider member of the system may instantaneously configure 
configures the form and substance of services or goods across a data network provided to 
different or unique clients in response to data accompanying about the client provided by 
the system along with the client's request for service. 

4. (Currently Amended) A system as recited in claim 1, including means by 
which a service provider one member of the system may instantaneously determine 
determines whether or what type or form of service or goods across a data network to 
provide to different or unique clients of the system based upon data about the client 
provided along with the client's request for service. 

5. (Currently Amended) A system as recited in Claim 1, including means by 
which multiple service providers members of the system may aggregate, transfer and 
share data about the clients of the system, in a standardized form which identifies each 
client by a unique alpha-numeric sequence, but where the personal identifying attributes 
of the client need be known only to the home provider one system member responsible 
for enrolling the client. 

6. (Currently Amended) A system as recited in Claim 1, including means by 
which a service providers client of the system may request access to, review of, or 
purchase of resources or goods across a data network of members of the system clients on 
the basis of specific attributes of the client which the client elects to provide at the 
moment when service is requested, where such attributes are technically capable of being 
an integral and automatic part of the request form. 

7. (Currently Amended) A system as recited in Claim 1, including means by 
which a provider of service home provider under the system provides a client's 
preference, pricing and service-class information to a common service point in exchange 
for an authenticatable token, which the service home provider then provides to its client, 
so that the client may in turn offer the token to multiple other service outside providers 
whose services or goods across a data network the client wishes to access, review or 
purchase. 

8. (Original) A system as recited in Claim 7, which employs the 
Internet's Hyper-Text Transfer Protocol (HTTP), and has appending means adapted to 
appending to or include in the user computer a Uniform Resource Locator (URL), or in a 
Request/Response Header, a sequence of alpha-numeric characters which includes said 
authenticatable token. 

9. (Currently Amended) A system as recited in Claim 7, which includes an 
acceptance means by which a client's token is accepted by a system member service 
provider from whom the client wishes to receive services or goods across a data network, 
and is instantaneously submitted to the system's common service point, which, if the 
token's contents match that of a token in the common service point's dynamic session 
database, returns preference, pricing and service-class information about the requesting 
client, prior to the providing of the requested services or goods across a data network. 

10. (Original) A system as recited in Claim 9, of utilizing the User 
Datagram Protocol (UDP) for implementing the acceptance means. 

11. (Currently Amended) A system as recited in Claim 1, for collecting and 
storing at a common service point discrete records of access by clients to resources or 
goods across a data network of multiple members of the service providers, where such 
collection is capable of occurring instantaneously subsequent to the providing of each 
resource or good. 

12. (Currently Amended) A system as recited in Claim 11, including means by 
which discrete records are instantaneously sorted and stored in databases according to the 
identity of the service home provider of the individual client whose activity resulted in 
the record being produced. 

13. (Previously Presented) A system as recited in Claim 1, including means 
for collecting and aggregating records of financial charges for access to, review or 
acquisition of services or goods across a data network such that the records may be 
supplied to the suppliers of client servers without knowledge of or reference to the 
ultimate form of payment by the client. 

14. (Previously Presented) A system as recited in Claim 1, in which said token 
is only "read" by said authentication server, thus permitting the token to be private-key 
encrypted. 

15. (Previously Presented) A system as recited in Claim 1, wherein which said 
client comprises an end user and has an end user's account and an end user's account 
manager, for enabling an initiating Internet World Wide Web host to present in 
HyperText Markup Language (HTML) "hypertext links" which address services or goods 
available from multiple other receiving World Wide Web sites such that when the end 
user highlights or clicks the link a process is initiated whereby the receiving site is able to 
bill the end user's account manager for access to, review or acquisition of the services or 
goods, without regard to whether the end user's account is maintained by the initiating 
WWW host or by some other service provider. 

16. (Currently Amended) A system as recited in Claim 1, which includes a 
sequence means adapted for obtaining, transferring and maintaining among multiple 
network clients service providers a unique alpha-numeric sequence associated with a 
specific digital information resource or object for a purpose; where the topological 
location of the resource on the network may not necessarily be related or relevant to the 
location where, or time when, the resource was originally created. 

17. (Currently Amended) A system as recited in Claim 1, which includes a 
sequence means adapted for obtaining, transferring and maintaining among multiple 
network clients service providers and their server a dynamically updated record of funds 
encumbered by a network user for the purchase of a digital information resource or 
resources, such that each subsequent record of purchase in time, and the transfer to clients 
of an updated record of funds available or authorized to be encumbered, is accomplished. 

18. (Currently Amended) A method for managing client accounts and 
controlling access to resources over data networks, said method comprising: 

(a) a method for sharing client information and charges among a plurality of 
service providers; 

(b) a step which creates registering a client who is registered with one of the 
service providers (the "home provider") in a registration database, and is allowed 
allowing the client to access the resources of the other service providers ("outside 
providers"), each service provider maintaining an independent registration database of its 
clients that are part of the method; 

(c) a settling step adapted to allow the method to settle accounts among service 
providers by charging the home provider for access by its clients to the resources of the 
outside providers, by accessing a respective home provider registration database, and 
communicating with an accounting database maintained separately from a respective 
registration database; 

(d) a payment step adapted to assure assuring that the outside providers are then 
paid for that access by of a home provider for a client's access to the outside provider's 
resources through the method; 

(e) a sharing step adapted to allow the method to allow allowing the providers to 
share users without requiring an open account for each user at each service provider; and 

(f) a verification step including use of a token and an authentication server 
adapted to allow allowing each provider to determine if a particular client is registered a 
member of the method, verify verifying that the client has authenticated at his home 
provider, and determine this determining that client's access privileges and criteria. 

19. (Currently Amended) A method as recited in claim 18 by which the owner 
of goods may sell sells access to those goods across a data network such that the owner 
may instantaneously and simultaneously display across the network multiple differing 
prices of the same good or classes of goods depending upon the alternative pricing 
requirements of other clients of the method as transferred by the method. 

20. (Currently Amended) A method as recited in claim 18, by which one 
member of the method a service provider may instantaneously configure configures the 
form and substance of services or goods across a data network provided to different or 
unique clients in response to data about the client provided by the method along with 
accompanying the client's request for service. 

21. (Currently Amended) A method as recited in claim 18, by which one 
member of the method may a service provider instantaneously determine determines 
whether or what type or form of service or goods across a data network to provide to 
different or unique clients of the method based upon data about the client provided along 
with accompanying the client's request for service. 

22. (Currently Amended) A method as recited in Claim 18, by which multiple 
members of the method may service providers aggregate, transfer and share data about 
the clients of the method, in a standardized form which identifies each client by a unique 
alpha-numeric sequence, but where the personal identifying attributes of the client need 
be known only to the home provider one method member responsible for enrolling the 
client. 

23. (Currently Amended) A method as recited in Claim 18, in which a client 
of the method may request a service provider requests access to, review of, or purchase of 
resources or goods across a data network of members of the method on the basis of 
specific attributes of the client which the client elects to provide at the moment when 
service is requested, where such attributes are technically capable of being an integral and 
automatic part of the request form. 

24. (Currently Amended) A method as recited in Claim 18, in which a 
provider of service under the method home provider provides a client's preference, 
pricing and service-class information to a common service point in exchange for an 
authenticatable token, which the service home provider then provides to its client, so that 
the client may in turn offer the token to multiple other service outside providers whose 
services or goods across a data network the client wishes to access, review or purchase. 

25. (Original) A method as recited in claim 24, employing the Internet's 
Hyper-Text Transfer Protocol (HTTP), of appending to or including in a Uniform 
Resource Locator (URL), or in a Request/Response Header, a sequence of alpha-numeric 
characters which includes said authenticatable token. 

26. (Currently Amended) A method as recited in claim 24, which includes an 
acceptance step by which a client's token is accepted by a method member service 
provider from whom the client wishes to receive services or goods across a data network, 
and is instantaneously submitted to the method's common service point, which, if the 
token's contents match that of a token in the common service point's dynamic session 
database, returns preference, pricing and service-class information about the requesting 
client, prior to the providing of the requested services or goods across a data network. 

27. (Original) A method as recited in claim 26, of utilizing the User 
Datagram Protocol (UDP) to accomplish the acceptance step. 

28. (Currently Amended) A method as recited in claim 18, for collecting and 
storing at a common service point discrete records of access by clients to resources or 
goods across a data network of multiple members of the service providers, where such 
collection is capable of occurring instantaneously subsequent to the providing of each 
resource or good. 

29. (Original) A method as recited in claim 28, by which discrete records 
are instantaneously sorted and stored in databases according to the identity of the service 
provider of the individual client whose activity resulted in the record being produced. 

30. (Currently Amended) A method as recited in Claim 18, for collecting and 
aggregating records of financial charges for access to, review or acquisition of services or 
goods across a data network such that the records may be supplied to the suppliers of 
client servers services without knowledge of or reference to the ultimate form of payment 
by the client. 

31. (Previously Presented) A system method as recited in Claim 18, in which 
said token is only "read" by said authentication server, thus permitting the token to be 
private-key encrypted. 

32. (Previously Presented) A method as recited in claim 18, wherein which 
said client comprises an end user and has an end user's account and an end user's account 
manager, for enabling an initiating Internet World Wide Web host to present in 
HyperText Markup Language (HTML) "hypertext links" which address services or goods 
available from multiple other receiving World Wide Web sites such that when the end 
user highlights or clicks the link a process is initiated whereby the receiving site is able to 
bill the end user's account manager for access to, review or acquisition of the services or 
goods, without regard to whether the end user's account is maintained by the initiating 
WWW host or by some other service provider. 

33. (Currently Amended) A method as recited in claim 18, including the step 
of obtaining, transferring and maintaining among multiple network clients service 
providers a unique alpha-numeric sequence associated with a specific digital information 
resource or object for a purpose; where the topological location of the resource on the 
network may not necessarily be related or relevant to the location where, or time when, 
the resource was originally created. 

34. (Currently Amended) A method as recited in Claim 18 which includes 
sequence steps adapted for obtaining, transferring and maintaining among multiple 
network clients and their server service providers a dynamically updated record of funds 
encumbered by a network user client for the purchase of a digital information resource or 
resources such that each subsequent record of purchase in time, and the transfer to clients 
of an updated record of funds available or authorized to be encumbered, is accomplished. 

35. (Currently Amended) A method of providing an online service to a user 
over a public network, the online service provided by a Service Provider (SP) site to a 
user computer via the public network, the method comprising the steps of: 

sending a request message from the user computer to the SP site over the public 
network to request the use of the online service; 

generating a challenge message at the SP site in response to the request message 
and sending the challenge message over the public network to the user computer; 

generating a response message in the user computer in response to the challenge 
message and sending the response message over the public network to the SP site, the 
response message including or being based upon an identifier of the user; 

sending at least the response message from the SP site to a remote online broker 
site, the online broker site having a brokering database which contains account 
information of registered users of an online brokering service of the online broker site; 

processing the response message at the remote online broker site to determine 
whether the response message is authentic, the step of processing comprising accessing 
the account information in the brokering database; 

sending a verification message from the remote online broker site to the SP site, 
the verification message indicating whether the response message is authentic; 

retrieving access rights data of the user from the brokering database if the 
response message is authentic, the access rights data specifies a plurality of content 
categories to which the user has access, the plurality of content categories corresponding 
to a plurality of different online services offered by the SP site; 

sending the access rights data from the online broker site to the SP site; 

providing the online service from the SP site to the user computer over the public 
network if the verification message indicates that the response message is authentic; and 

denying access by the user to the online service if the verification message 
indicates that the response message is not authentic; and 

updating a settling database at a settlor site, with a charge related to the user 
computer access to the SP site, the settlor site being maintained separately from the 
remote online broker site. 

36. (Previously Presented) A method as in claim 35, wherein the step of 
generating a response message comprises obtaining a password of the user. 

37. (Previously Presented) A method as in claim 36, wherein the step of 
generating the response message further comprises applying a cryptographic algorithm to 
at least the challenge message such that the resulting response message depends upon 
both the challenge message and the password. 
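
Added illustration, not part of the claims or the application: a minimal Python model of the request/challenge/response flow recited in claims 35 to 37, in which the SP site forwards the response to the broker and serves the user only if the broker's verification message says it is authentic. HMAC-SHA256, PBKDF2, single-use challenges and all class, function and field names are assumptions; the claims name no algorithm or message layout.

```python
import hashlib
import hmac
import secrets

# Constructed illustration: HMAC-SHA256, PBKDF2 and every name below are
# assumptions; the claims name no algorithm, message layout or API.


def derive_key(user_id: str, password: str) -> bytes:
    """Stretch the password into a MAC key (user id used as salt, an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user_id.encode(), 100_000)


def make_response(user_id: str, password: str, challenge: bytes) -> dict:
    """User computer: the response carries the user identifier and a value
    that depends on both the challenge and the password (claims 35 and 37)."""
    mac = hmac.new(derive_key(user_id, password), challenge, hashlib.sha256)
    return {"user_id": user_id, "mac": mac.hexdigest()}


class Broker:
    """Remote online broker site with its brokering database."""

    def __init__(self):
        self._accounts = {}

    def register(self, user_id, password, access_rights):
        # Store a password-derived key rather than the password itself.
        self._accounts[user_id] = {
            "key": derive_key(user_id, password),
            "access_rights": list(access_rights),
        }

    def verify(self, challenge: bytes, response: dict) -> dict:
        """Return the verification message and, if authentic, access rights."""
        account = self._accounts.get(response.get("user_id"))
        if account is None:
            return {"authentic": False, "access_rights": []}
        expected = hmac.new(account["key"], challenge, hashlib.sha256).hexdigest()
        supplied = str(response.get("mac", ""))
        # Constant-time comparison avoids leaking how many characters matched.
        ok = hmac.compare_digest(expected.encode(), supplied.encode())
        return {"authentic": ok, "access_rights": account["access_rights"] if ok else []}


class ServiceProvider:
    """SP site: issues challenges and relies on the broker's verdict."""

    def __init__(self, broker: Broker):
        self._broker = broker
        self._pending = set()  # challenges issued and not yet consumed

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def handle_response(self, challenge: bytes, response: dict, category: str) -> str:
        # Each challenge is accepted once, so a captured response cannot be replayed.
        if challenge not in self._pending:
            return "denied: unknown or reused challenge"
        self._pending.discard(challenge)
        verdict = self._broker.verify(challenge, response)
        if not verdict["authentic"]:
            return "denied: response not authentic"
        if category not in verdict["access_rights"]:
            return "denied: category not in access rights"
        return "granted"


def run_demo() -> dict:
    """Walk the flow with constructed sample data and return each outcome."""
    broker = Broker()
    broker.register("user-001", "correct horse", ["news", "software"])
    sp = ServiceProvider(broker)
    results = {}

    c1 = sp.issue_challenge()
    r1 = make_response("user-001", "correct horse", c1)
    results["valid"] = sp.handle_response(c1, r1, "news")
    results["replay"] = sp.handle_response(c1, r1, "news")

    c2 = sp.issue_challenge()
    results["wrong_password"] = sp.handle_response(
        c2, make_response("user-001", "guess", c2), "news")

    c3 = sp.issue_challenge()
    results["other_category"] = sp.handle_response(
        c3, make_response("user-001", "correct horse", c3), "video")
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```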

38. (Previously Presented) A method as in claim 36, wherein the step of 
obtaining the password of the user comprises retrieving the password from a password 
cache on the user computer, the password cache temporarily storing the password 
following manual entry by the user, the method thereby enabling the user to access 
multiple SP sites without re-entering the password. 

39. (Currently Amended) A method as in claim 35, further comprising the 
steps of: 

assigning an anonymous identifier to the user at the online broker site and sending 
the anonymous identifier to the SP site to enable the SP site to anonymously charge the 
user for an online service; and 

generating a billing event at the SP site and sending the billing event to the settlor 
online broker site, the billing event specifying at least (1) the anonymous identifier of the 
user, and (2) a monetary charge to be applied to an account of the user. 

40. (Currently Amended) A method as in claim 35, further comprising the 
steps of: 

establishing a connection between the user computer and the settlor online broker 
site; and 

providing an online billing statement to the user over the connection, the online 
billing statement reflecting the monetary charge specified in the billing event. 

41. (Currently Amended) A method as in claim 35, further comprising the 
step of sending a billing statement from the online broker settlor site to the user computer 
over the public network, the billing statement reflecting the monetary charge specified in 
the billing event. 

42. (Previously Presented) A method as in claim 35, further comprising 
the steps of: 

sending an access rights update request from the SP site to the remote online 
broker site, the access rights update request specifying an update to be made by the online 
brokering service to the access rights of the user; and 

processing the access rights update request at the online broker site by updating 
the access rights data of the user stored within the brokering database. 

43. (Previously Presented) A method as in claim 35, further comprising 
the steps of: 

retrieving user-specific preference data of the user from the brokering database 
and sending the preference data from the online broker site to the SP site, the preference 
data indicating at least one user-specified preference for the customization of online 
services; and 

adjusting the online service provided from the SP site according to the user- 
specified preference. 

44. (Previously Presented) A method as in claim 43, wherein the 
preference data includes a connection speed at which the user computer connects to the 
public network, and wherein the step of adjusting comprises providing the service to the 
user computer at a speed which is commensurate with the connection speed. 

45. (Previously Presented) A method as in claim 43, wherein the 
preference data includes a display preference for the display of a particular type of media. 

46. (Previously Presented) A method as in claim 35, further comprising 
the steps of: generating a first session key at the user computer; 

generating a second session key at the online broker site and sending the second 
session key to the SP site, the second session key corresponding to the first session key; 
and 

using the first and second session keys to encrypt and decrypt message traffic 
between the user computer and the SP site as the online service is provided to the user 
computer. 

47. (Previously Presented) A method as in claim 35, wherein the public 
network comprises the Internet. 

48. (Previously Presented) A method as in claim 35, wherein the steps 
of passing the request, challenge and response messages over the public network 
respectively comprise passing the request, challenge and response messages over a 
private network. 

49. (Currently Amended) A method providing a fee-based online service from 
a Service Provider (SP) site to a user over a public network while concealing the payment 
and personal information of the user from the Service Provider, comprising the steps of: 

registering a user at a registration site that provides a registration service, the 
registration site having a registration database which contains registration information on 
the user and on other users of the online service, the registration site being located 
remotely from the SP site; 

providing an online broker site that provides an online brokering service, the 
online broker site having a brokering database which contains account information on the 
user and on other users of the online brokering service, the online broker site being 
located remotely from the SP site and the registration site; 

establishing a connection between a computer of the user ("user computer") and 
the SP site over at least the public network; 

generating an encrypted authentication message at the user computer and sending 
the authentication message to the online broker registration site via at least the public 
network; 

verifying the authentication message at the online broker registration site to 
thereby authenticate the user, the step of verifying comprising accessing the account 
information of the user stored in the registration brokering database; 

generating an anonymous ID at the online broker registration site and sending the 
anonymous ID to the SP site to allow the SP site to impose a charge the user for the 
online service; 

providing the online service from the SP site to the user computer over the public 
network; 

retrieving user specific customization data of the user from the brokering database 
and sending the customization data from the online broker site to the SP site, the 
customization data indicating a user specified preference for the customization of the 
online service; 

adjusting the online service provided from the SP site according to the user 
specified preference; and 

generating a billing event at the SP site and sending the billing event to the online 
broker site, the billing event specifying at least (1) the anonymous ID, and (2) a monetary 
charge to be applied to an account of the user in the brokering database. 

50. (Currently Amended) A method as in claim 49, wherein the step of 
generating an encrypted authentication message comprises the steps of prompting the 
user for a password and using the password to generate the authentication message, the 
password stored in the brokering registration database so that the online brokering service 
can determine to permit determination whether the authentication message corresponds to 
the password. 

51. (Currently Amended) A method as in claim 49, wherein the step of 
sending the encrypted authentication message to the online broker site comprises the 
steps of: 

sending the authentication message from the user computer to the SP site over the 
public network; and 

sending the authentication message from the SP site to the online broker 
registration site. 

52. (Previously Presented) A method as in claim 49, further comprising 
the step of processing the billing event at the online broker site to thereby apply the 
charge to the account of the user. 

53. (Previously Presented) A method as in claim 52, further comprising 
the step of providing an account statement from the online broker site to the user 
computer over at least the public network, the account statement reflecting the charge 
specified in the billing event. 

54. (Currently Amended) A method as in claim 49, further comprising the 
steps of: 

retrieving access rights data of the user from the brokering database, the access 
rights data specifying the access rights of the user with respect to the online service 
and/or the SP site; and 

sending the access rights data from the online broker registration site to the SP 
site. 

55. (Previously Presented) A method as in claim 54, further comprising 
the step of interpreting the access rights data at the SP site to determine whether the user 
is authorized to access a particular content item of the SP site. 

56. (Currently Amended) A method as in claim 54, further comprising the 
step of sending an access rights update request from the SP site to the online broker 
registration site, the access rights update request specifying at least (1) the anonymous ID 
of the user, and (2) an update to be made by the online brokering service to the access 
rights data of the user. 

57. (Currently Amended) A method as in claim 49, further comprising the 
steps of: 

retrieving user-specific customization data of the user from the brokering database 
and sending the customization data from the online broker site to the SP site, the 
customization data indicating a user-specified preference for the customization of the 
online service; and 

adjusting the online service provided from the SP site according to the user- 
specified preference 

wherein the customization data includes a connection speed at which the user 
computer connects to the public network, and wherein the step of adjusting comprises 
providing the service to the user computer at a speed which generally corresponds to the 
connection speed. 



58. (Currently Amended) A method as in claim 57 49, wherein the 
customization data includes at least one of a display preference for the display of a 
particular type of media and a connection speed at which the user computer connects to 
the public network, and wherein the step of adjusting comprises providing the service to 
the user computer at a speed which generally corresponds to the connection speed. 

59. (Currently Amended) A method as in claim 49, further comprising the 
steps of: 

generating a first session key at the user computer; 

generating a second session key at the online broker registration site and sending 
the second session key to the SP site, the second session key corresponding to the first 
session key; and 

using the first and second session keys to encrypt and decrypt message traffic 
between the user computer and the SP site as the online service is provided to the user 
computer. 

60. (Previously Presented) A method as in claim 49, wherein the public 
network comprises the Internet. 

61. (Previously Presented) A method as in claim 49, wherein the online 
service comprises a software download service. 

62. (Previously Presented) A method as in claim 49, wherein the online 
service comprises user access to media content an online version of a printed publication. 

63. (Currently Amended) A system for allowing users to securely access 
online service providers over an untrusted distributed network, comprising: 

a plurality of Service Provider (SP) sites connected to the distributed network, 
each SP site running at least one service application to provide an online service to users 
over the distributed network; 

a plurality of user computers connected to the distributed network, each user 
computer running at least one client application for accessing online services of the SP 
sites; 

an online broker site connected to the plurality of SP sites, the online broker site 
running at least one brokering application to provide an online brokering service to 
account for use of the online services by respective users, the online broker site SP sites 
optionally including a user database containing user-specific authentication information 
of users that have registered with an SP site to use the online brokering service, the 
registered users accessing the SP sites from the users computers over the distributed 
network; 

a the user database which stores storing user specific customization data, the 
customization data specifying preferences of the registered users with respect to the 
online services of the SP sites, the customization data provided to the SP sites by the 
online brokering service to enable the SP sites to customize the online services to the 
preferences of individual registered users; and 

an authentication protocol for allowing the online brokering service SP site to 
authenticate registered users in response to user-specific authentication requests from the 
SP sites, the authentication requests responsive to requests from the user computers to 
access the online services of the SP sites, the authentication protocol implemented by 
software components of the user computers, the SP sites, and the online broker site. 

64. (Previously Presented) A system as in claim 63, further comprising 
a billing system for allowing the SP sites to charge the registered users for accesses to the 
online services by sending billing events to the online brokering service, the billing 
system including a centralized database for recording billing events to accounts of the 
registered users. 

65. (Currently Amended) A system as in claim 64, wherein the billing system 
includes a billing viewer application running on the user computers, the billing viewer 
application allowing a registered user to view a personal billing statement stored in the 
centralized online broker database, the billing statement including charges from multiple 
different SP sites of the plurality of SP sites. 

66. (Currently Amended) A system as in claim 63, further comprising an 
access rights database at the online broker registration site, the access rights database 
storing access rights data for a plurality of the registered users, the access rights data 
specifying access rights of the plurality of registered users with respect to the SP sites, the 
access rights data provided to the SP sites by the registration site online brokering 
service. 

67. (Previously Presented) A system as in claim 63, wherein the 
authentication protocol implements a challenge-response protocol. 

68. (Previously Presented) A system as in claim 63, wherein the 
distributed network comprises the Internet. 

69. (Currently Amended) A method providing a fee-based online service from 
a Service Provider (SP) site to a user over a distributed network while concealing the 
payment and personal information of the user from the Service Provider, comprising the 
steps of: 

providing a registration site that provides a registration service, the registration 
site having a registration database which contains registration information on the user and 
on other users of the online service, the registration site being located remotely from the 
SP site; 

providing an online broker site that provides an online brokering service, the 
online broker site having a brokering database which contains account information on the 
user and on other users of the online brokering service, the online broker site located 
remotely from the SP site and the registration site; 

sending an access request from a computer of the user ("user computer") over the 
distributed network to the SP site; 

sending an authentication request from the SP site to the online broker registration 
site in response to the access request; 

prompting the user for a user identifier at the user computer and sending the user 
identifier to the online broker registration site; 

authenticating the user at the online broker registration site in response to the 
authentication request, the step of authenticating comprising using the user identifier sent 
from the user computer to access the account information stored within the brokering 
registration database; 

sending a verification message from the online broker registration site to the SP 
site in response to the authentication request, the verification message indicating whether 
the step of authenticating was successful; 

retrieving access rights data of the user from the brokering registration database if 
the step of authenticating is successful, the access rights data specifying a plurality of 
access rights of the user with respect to the online service and/or the SP site; 

sending the plurality of access rights data from the online broker registration site 
to the SP site to anonymously inform the SP site of the access rights of the user; 

providing the fee-based online service from the SP site to the user computer over 
the distributed network only if the verification message indicates that the step of 
authenticating was successful; 

generation a billing event at the SP site and sending the billing event to the online 
broker site, the billing event anonymously identifying the user to the online brokering 
service, the billing event including a charge for the providing of the online service to the 
user computer; and 

updating an account of the user at the online broker site to reflect the charge 
included within the billing event. 

70. (Previously Presented) A method as in claim 69, further comprising 
the step of providing an account statement from the online broker site to the user 
computer over at-least the distributed network, the account statement reflecting the 
charge included in the billing event. 

71. (Currently Amended) An online brokering service for allowing users of a 
public network to anonymously purchase online services from Service Provider (SP) sites 
on the public network, the online brokering service provided from an online broker site 
and a registration site that is are each located separately and remotely from the SP sites, 
the online brokering service comprising: 

a database at the registration site which contains account information of users that 
have registered with online brokering service, the account information including at least a 
unique identifier of each registered user; 

a billing system at the online broker site for recording monetary charges to 
accounts of registered users, the monetary charges corresponding to online services 
purchased from the SP sites over the public network; and 

a software package running at the online broker site, the brokerage software 
package performing at least the following functions: 

(a) receiving identifying information about the user generated at the registration 
site to correlate an anonymous ID of a registered user with an identification of an account 
of a registered user; and 

authenticating registered users in response to authentication requests received from the 
SP sites, the authentication requests generated in response to attempts by registered users 
to access online services of the SP sites, said authenticating comprising accessing the 
database to verify user account information; 

(b) receiving user-specific billing events from the SP sites and passing the billing 
events to the billing system to update the accounts of registered users, each billing event 
specifying at least (1) an anonymous ID of a registered user, and (2) a charge to be 
applied to the account of the registered user; and 

a software package running at the registration site, the registration software 
package performing at least the following functions: 

(a) authenticating registered users in response to authentication requests received 
from the SP sites, the authentication requests generated in response to attempts by 
registered users to access online services of the SP sites, said authenticating comprising 
accessing the database to verify user account information; 

(e) (b) retrieving user-specific access rights data from the database in response to 
requests from the SP sites and transmitting the access rights data to the SP sites, the 
access rights data specifying a plurality of content categories or services to which a 
registered user has access and enabling the SP sites to provide customized access rights to 
the registered users; and 

(c) generating an anonymous ID of a registered user for use by the SP sites and 
communicating the identifying information for correlating the anonymous ID with an 
identification of an account of a registered user to the online brokerage site. 
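
The separation of roles recited in claims 69 and 71, sketched as an added example that is not part of the filing: the registration site authenticates the user and issues an anonymous ID, the SP site sees only that ID and the access rights, and the broker site maps the ID back to an account when a billing event arrives. The HMAC-SHA256 challenge-response, the random per-session anonymous ID, and all class, function and field names are assumptions; the claims do not specify them.

```python
import hashlib
import hmac
import secrets


class Broker:
    """Online broker site: holds accounts and posts charges by pseudonym."""
    def __init__(self):
        self.balances = {}   # account id -> total charges (cents)
        self._anon_map = {}  # anonymous ID -> account id, supplied by registration

    def correlate(self, anon_id, account):
        self._anon_map[anon_id] = account

    def post_billing_event(self, event):
        account = self._anon_map.get(event["anon_id"])
        if account is None or event["charge"] <= 0:
            return False     # unknown pseudonym or malformed charge: reject
        self.balances[account] = self.balances.get(account, 0) + event["charge"]
        return True


class Registration:
    """Registration site: authenticates users and issues anonymous IDs."""
    def __init__(self, broker):
        self.broker = broker
        self.users = {}      # user id -> (shared secret, account id, access rights)
        self._nonces = {}    # user id -> outstanding challenge

    def register(self, user_id, secret, account, rights):
        self.users[user_id] = (secret, account, rights)

    def challenge(self, user_id):
        self._nonces[user_id] = secrets.token_bytes(16)
        return self._nonces[user_id]

    def verify(self, user_id, response):
        nonce = self._nonces.pop(user_id, None)   # single use: blocks replay
        if nonce is None or user_id not in self.users:
            return None
        secret, account, rights = self.users[user_id]
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        anon_id = secrets.token_hex(16)           # fresh pseudonym per session
        self.broker.correlate(anon_id, account)   # only the broker learns the link
        return {"anon_id": anon_id, "rights": list(rights)}


def user_response(secret, nonce):
    """User computer: prove knowledge of the secret without sending it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def sp_serve(verification, category, price, broker):
    """SP site: sees only the verification message, then bills by pseudonym."""
    if verification is None or category not in verification["rights"]:
        return False
    return broker.post_billing_event({"anon_id": verification["anon_id"], "charge": price})
```
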

72. (Previously Presented) An online brokering service as in claim 71, 
wherein at least one of the online broker software package and registration software 
package further performs the function of: 

retrieving user-specific customization data from the database in response to 
requests from the SP sites and transmitting the customization data to the SP sites, the 
customization data indicating user specified preferences for enabling the SP sites to 
provide user customized online services. 

73. (Previously Presented) An online brokering service as in claim 71, 
wherein the billing system comprises a software module for allowing the registered user 
to remotely access an online billing statement, the online billing statement reflecting 
billing events received by the online broker site from multiple different SP sites. 

74. (Previously Presented) An online brokering service as in claim 71, 
wherein the public network comprises the Internet. 

75. (Currently Amended) A virtual online services network for allowing users 
to directly access service provider (SP) sites over a public network, comprising: 

an online brokering service running on at least one site of a computer network, the 
online brokering service storing account and billing information for a plurality of users of 
the public network, each of the users having a respective account with the online 
brokering service, the online brokering service providing online access by the users to 
account-specific billing information; 

a registration service running an at least one site of a computer network, and 
being separate from the online brokering service, the registration service storing account 
information for a plurality of users of the public network, each of the users having a 
respective account with the online brokering service; 

a plurality of fee-based online services running on a plurality of independent 
service provider (SP) sites on the public network, the SP sites directly accessible to the 
users over the public network, each SP site being registered with the online brokering 
service and the registration service, and being configured to use the online brokering 
registration service to authenticate the users when the users connect to the SP sites over 
the public network, the fee-based services configured to generate account-specific billing 
events in response to uses of the online services by the users and to forward the billing 
events to the online brokering service so that the users are billed for the online services 
from a centralized billing location; and 

a log-on protocol which allows the users to access the plurality of online services 
using their respective accounts with the online brokering service, the log-on protocol 
configured to (1) prompt a user for an account identifier, (2) cache the account identifier 
during the course of a user log-on session, and (3) use the cached account identifier to 
access multiple different SP sites, the log-on protocol thereby allowing the user to 
seemlessly seamlessly access the plurality of fee-based online services following a single 
log-on event; 

wherein the online brokering registration service stores user-specific access rights 
data, and provides the access rights data specifying access rights for a plurality of online 
services for a specific user to the SP sites in response to requests from the SP sites, and 
wherein the fee-based online services are configured to use the access rights data to 
automatically provide user-customized services to the users. 

76. (Currently Amended) A virtual online services network as in claim 75, 
wherein the log-on protocol is implemented by respective software components stored on 
(1) the SP sites, (2) the at least one site of the online brokering registration service, and 
(3) computers of the users. 

77. (Previously Presented) A virtual online services network as in claim 
75, wherein the log-on protocol includes a challenge-response authentication protocol for 
allowing the SP sites to authenticate the users. 

78. (Previously Presented) A virtual online services network as in claim 
75, wherein the public network comprises the Internet. 

79. (Currently Amended) An apparatus comprising: 

A a broker server operatively connected to a computer network, the broker server 
having a processor and a computer readable memory, the memory storing broker server 
implementation software, including customer access software, site linking software to 
link customers to selected sites on the computer network and at least one broker data 
structure; 

a registration server operatively connected to a computer network, maintained 
separately from the broker server, the registration server having a processor and a 
computer readable memory, the memory storing registration server implementation 
software, including customer access software, and at least one registration data structure; 

the at least one broker data structure including a list of registered customers along 
with corresponding ID and payment account information for a plurality of registered 
customers, and including a list of online sites with their corresponding linking 
information, the list of online sites being a subset of the sites available to users of the 
computer network, the at least one data structure further including access rights to a 
plurality of online services provided by at least one online site within the list of online 
sites, 

the at least one registration data structure including registration data of a plurality 
of a plurality of registered customers, the at least one data structure further comprising 
access rights relating to a plurality of online services; 

whereby the broker registration server facilitates seamless connection between a 
selected registered customer from its list of customers and a selected an online site from 
the listed online sites to create a virtual online service, including anonymously providing 
the selected customer's access rights to the plurality of online services provided by the 
selected online site, and 

whereby the broker server receives anonymous accounting information from the 
online site for charges of a customer and receives identifying information from the 
registration server to permit updating of account information for a respective registered 
customer, 

80. (Previously Presented) An apparatus as in claim 79, wherein the 
computer network is a public network which comprises the Internet, and wherein the 
online sites are World Wide Web sites of the Internet. 

81. (Previously Presented) A system, comprising: 

(a) a plurality of separate user registration databases, each storing a plurality 
of user identifications, including user account reference information; 

(b) a provider interface, through which a plurality of providers issue requests 
to post a transaction to a particular user account, without requiring knowledge of a 
respective user identity; 

(c) a settlement server, receiving said requests, accessing at least one of said 
user registration databases, and communicating said request and an user identity to one of 
a plurality of user account databases; and 

(d) said user registration databases and said user account databases being 
independent and remotely located with respect to each other. 

82. (Previously Presented) A method, comprising: 

(a) recording a user identification, including user account reference 
information, into one of a plurality of separately maintained user registration databases; 

(b) issuing a request to post a transaction to a particular user account, without 
requiring knowledge of a respective user identity by a posting party; 

(c) at a settlement server: 

(i) receiving the request from the posting party, 

(ii) accessing at least one of the user registration databases, and 

(iii) communicating the request and an user identity to corresponding 
one of a plurality of user account databases; and 

(d) independently maintaining the user registration databases and the user 
account databases at remote locations. 